Chameleon Virus – Contagious Wi-Fi Virus Developed by Liverpool University Researchers
Nowadays, using WI-FI has become our everyday part of life. No matter how important the information is, it is sent through a Wi-Fi network. Having access of this information through a virus will posses a great threat, than we realize. Researchers of Liverpool University have developed such a virus known as ‘chameleon’. Chameleon can actually, infect the Wi-Fi network.
Researchers say that this Wi-Fi virus spreads like “airborne virus”.
The team designed and simulated an attack by chameleon, and found that not only it could spread fast like a common cold, it was also able to avoid detection and, identify and sort out the weakest Wi-Fi access protection encryption and password. The most frightening thing about the virus, it is invisible to current virus detection. It is found that it can spread more easily and quickly in populated areas with more WI-FI network Access Points.
Why is ‘chameleon’ invisible to current virus detection?
Usually IDS (intrusion detection system) is used as a defense against rogue AP attacks, this uses the RSSI value (received signal strength indicator) to track the location of the device.
But chameleon attack replaces the firmware (the micro-program in the ROM) and masquerades the outward authority. Thus all visible and physical attributes are copied and there is no change in the RSSI values. Therefore it is not seen by the current virus detection system.
How does it attack?
The principal steps of the Chameleon virus are as follows:
- Establish a list of susceptible APs within the current location.
- Bypass any encryption security on the AP.
- Bypass the administrative interface on the AP.
- Identify and store AP system settings.
- Replace the AP firmware on vulnerable APs with the virus-loaded firmware.
- Reload the victim AP system settings.
- Propagate virus (return to 1).
What is it capable of?
Alan Marshall, Professor of Network Security at the University, said: “When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.”
The virus can self-propagate and infecting few routers would leads to thousands of infected devices within 24 hrs. The virus can be used for stealing information, traffic eavesdropping, destruction of traffic, disruption of infected host normal operations or even killing the device itself.
I know it is impossible to escape infection by this virus, if there is an attack. But we could avoid being in the least protected list by changing our passwords regularly and also by not using Wi-Fi in crowded areas with lot of Wi-Fi networks.
This post was first published on March 5, 2014.